How can I fix resfix32v.exe?

Discussion in 'Malware Help (A Specialist Will Reply)' started by gravepast, Dec 28, 2007.

  1. gravepast

    gravepast Private E-2

    I have the dreaded resfix32v and downloaded hijackthis. What do I do now? My PC is barely running. Thank you for any help. I have a second PC, this one, to reply and check messages. -Dave
     
  2. gravepast

    gravepast Private E-2

    hijackthis.log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:52 PM, on 12/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ati2sgag.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mvload32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O20 - AppInit_DLLs: C:\WINDOWS\sysloader32v.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
     
  3. gravepast

    gravepast Private E-2

    Update:

    McAfee freezes up. It shows the thing on its list, in Windows folder, as one of the first things scanned. Insult to injury, it doesn't list it as a virus or anything, just goes on and then freezes once the resfix makes too much process.
     
  4. gravepast

    gravepast Private E-2

    Update:

    Trying to download Registry Mechanic to see what that will do. The full version, not the trial.
     
  5. gravepast

    gravepast Private E-2

    Update:

    Full version of Registry Mechanic didn't appear to have an effect. Looking up other programs.
     
  6. gravepast

    gravepast Private E-2

    Update:

    I can't get PC to go into Safe Mode. Process seems to be taking too long.
     
  7. gravepast

    gravepast Private E-2

    Update:

    Downloading full version of PrevX 2.1 and trying it. Claims to be Antimalware.
     
  8. gravepast

    gravepast Private E-2

    Tried PrevX 2.1, won't scan fast enough to get anywhere before resfix83v slows it to a crawl or less. Did finally get PC into Safe Mode, so trying Registry Mechanic again and McAfee with updates.
     
